
Threat Summary: 27 September – 03 October 2019


Silobreaker’s Weekly Cyber Digest is a quantitative summary of our threat reports, published every Thursday. The reports are created using our award-winning intelligence product Silobreaker Online.

Trending Vulnerable Products

Open Source (Name, Heat 7d)
  • iPhone 4S
  • iPhone X
  • iPhone 8
  • iPad
  • Qualcomm Snapdragon

Deep & Dark Web (Name, Heat 7d)
  • vBulletin
  • iPhone X
  • iPhone 4S
  • iPad
  • Windows Server 2019

The tables show the products that were mentioned more than usual during the last week in connection with vulnerabilities.

Data Leaks & Breaches

Each entry gives the company (country), the number of people affected where known, and what was exposed.

DoorDash (US), affected: 4,900,000
A data breach on May 4th, 2019 exposed the details of approximately 4.9 million DoorDash customers, delivery workers, and merchants who had joined before April 5th, 2018. Exposed data includes names, email addresses, delivery addresses, hashed and salted passwords, and more. Financial details were also exposed: delivery workers and merchants had the last four digits of their bank account numbers exposed, while customers had the last four digits of their payment card numbers leaked.

Vodafone (New Zealand), affected: Unknown
On September 25th, 2019, Vodafone customers in New Zealand who used the company’s app were able to see other customers’ account details. An error attributed to an ‘unexpected caching issue’ in the app caused customers to be shown another user’s information when they attempted to log into their own account.

Calcioshop (Italy), affected: Unknown
Researchers at Security Discovery identified an exposed Elasticsearch cluster belonging to the Italian football accessory shop Calcioshop. The database exposed 408,995 records containing names, email addresses, phone numbers, billing information, IP addresses, and more. Security Discovery contacted the company but received no response; the database was taken down on September 19th, 2019, after the researchers contacted the Italian CERT.

Berry Family Services (US), affected: 1,751
Berry Family Services was hit by a ransomware attack on July 10th, 2019, which potentially affected 1,751 of its patients. The attack is believed to have been aimed at extortion rather than information theft, but access to patient data has not been ruled out. Potentially accessed data includes names, addresses, dates of birth, Social Security numbers, medical insurance information and related health information.

Zynga Inc (US), affected: 225,000,000
Pakistani hacker Gnosticplayers claims to have accessed the databases for the games ‘Words With Friends’ and ‘Draw Something’. The Draw Something database allegedly contains clear-text passwords for over 7 million users, while the Words With Friends database allegedly contains the details of 218 million Android and iOS users who installed the game before September 2nd, 2019. Exposed details include names, email addresses, hashed passwords, and more.

ServiceArizona (US), affected: 164
The Arizona Department of Transportation (ADOT) announced that 164 drivers had their identities stolen after criminals used the ServiceArizona website to order duplicate driver licences. The stolen licences were then used to open bank accounts and credit cards.

Fragrance Direct (UK), affected: Unknown
UK-based online perfume retailer Fragrance Direct disclosed that an attack on its website resulted in criminals obtaining names, addresses, phone numbers, and credit and debit card details. Fragrance Direct’s founder stated that the data was accessed by ‘malicious code’; The Register speculated that the attack was a Magecart infection.

Wood Ranch Medical (US), affected: Unknown
California-based Wood Ranch Medical announced that it will close its office on December 17th, 2019, after a ransomware attack on August 10th, 2019, resulted in the loss of its patient records and backups. The clinic’s notification states that it does not believe any patient information was stolen; potentially accessed data includes patients’ names, addresses, dates of birth, medical insurance and related health information.

CHI Health Lakeside Hospital (US), affected: Unknown
CHI Health Lakeside Hospital suffered a ransomware attack on August 1st, 2019, that targeted a database storing electronic health records of orthopaedic clinic patients from before April 2016. The hospital does not believe any patient information has been misused; potentially exposed data includes names, dates of birth, Social Security numbers, phone numbers, addresses and medical information.

Comodo Forum (US), affected: >170,000
A vulnerability in the vBulletin software that powers one of Comodo’s forum boards was exploited on September 29th, 2019, to steal the details of over 170,000 users. Exposed information includes usernames, names, email addresses, possibly social media usernames, and more. The ITarian forum, which also runs vBulletin and is also operated by Comodo, posted a similar notice warning its 45,300 users of a data breach incident.

Unknown (Ukraine), affected: 20,000,000
Comparitech researchers discovered an unprotected Amazon Web Services Elasticsearch cluster containing the personally identifiable information of over 20 million Russian citizens. The database was taken offline on September 20th, 2019. Apart from its geolocation in Ukraine, the owner’s identity is unclear. The data spanned 2009 to 2016, and exposed information includes full names, addresses, residency status, passport numbers, phone numbers, tax ID numbers, employer names and phone numbers, and tax amounts. Most of the affected individuals are Russian citizens located in Moscow and the surrounding area.

American Express (US), affected: Unknown
On September 30th, 2019, American Express began notifying potentially impacted customers of a data breach caused by a former employee. The notification states that the employee accessed American Express Card accounts, potentially in order to open accounts at other financial institutions. Exposed information includes names, addresses, Social Security numbers, credit card numbers, and more. American Express informed BleepingComputer that the employee has been terminated and is under criminal investigation.

Zendesk (US), affected: 10,000
On October 2nd, 2019, Zendesk issued a statement informing customers that an unauthorised party had accessed approximately 10,000 Zendesk Support and Chat accounts activated before November 1st, 2016. Exposed information includes the email addresses, names and phone numbers of agents and end users, and the hashed and salted passwords of agents and end users. A subset of approximately 700 customers also had TLS encryption keys exposed, along with the configuration settings of private apps and apps installed from the Zendesk app marketplace.

This table shows a selection of leaks and breaches reported this week.
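The Vodafone entry above attributes the cross-customer exposure to a caching issue. The following is an added illustration of that failure mode, not Vodafone’s code or any detail of their app: a shared response cache keyed on the request path alone stores the first authenticated user’s account response and serves it to whoever asks next. The session tokens, account records and endpoint path are all constructed for the example. Two fixes are shown: the origin marks per-user responses `Cache-Control: private, no-store` so a path-keyed cache will not retain them, and, where per-user responses must be cached, the cache key includes the authenticated subject.

```python
"""Added illustration of cross-user data exposure through a shared cache.

Not Vodafone's code: the sessions, accounts and path below are constructed.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict

# Constructed sample data: session tokens mapped to users, and each user's record.
SESSIONS: Dict[str, str] = {"tok-alice": "alice", "tok-bob": "bob"}
ACCOUNTS: Dict[str, Dict[str, str]] = {
    "alice": {"name": "Alice", "phone": "+64 21 000 0001"},
    "bob": {"name": "Bob", "phone": "+64 21 000 0002"},
}


@dataclass
class Response:
    body: Dict[str, str]
    headers: Dict[str, str] = field(default_factory=dict)


def leaky_origin(user: str) -> Response:
    """Account endpoint that sets no caching directives on a per-user response."""
    return Response(body=dict(ACCOUNTS[user]))


def safe_origin(user: str) -> Response:
    """Same endpoint, marked so that no shared cache may store the response."""
    return Response(body=dict(ACCOUNTS[user]),
                    headers={"Cache-Control": "private, no-store"})


class SharedCache:
    """Models an edge or in-app cache whose key is the request path only.

    It honours Cache-Control, so the origin decides whether a response is
    storable; the defect is that the key never includes who asked.
    """

    def __init__(self) -> None:
        self.store: Dict[str, Response] = {}

    def fetch(self, token: str, path: str,
              origin: Callable[[str], Response]) -> Response:
        if path in self.store:
            return self.store[path]  # hit: returned regardless of the caller
        resp = origin(SESSIONS[token])
        cc = resp.headers.get("Cache-Control", "")
        if "private" not in cc and "no-store" not in cc:
            self.store[path] = resp
        return resp


class PerUserCache(SharedCache):
    """Alternative fix: key on the authenticated subject as well as the path."""

    def fetch(self, token: str, path: str,
              origin: Callable[[str], Response]) -> Response:
        user = SESSIONS[token]
        key = f"{user}:{path}"
        if key in self.store:
            return self.store[key]
        resp = origin(user)
        self.store[key] = resp
        return resp


def name_seen_by_bob_after_alice(cache: SharedCache,
                                 origin: Callable[[str], Response]) -> str:
    """Alice loads her account first, then Bob loads his; return whose name Bob sees."""
    cache.fetch("tok-alice", "/api/account", origin)
    return cache.fetch("tok-bob", "/api/account", origin).body["name"]


if __name__ == "__main__":
    print(name_seen_by_bob_after_alice(SharedCache(), leaky_origin))   # Alice: leak
    print(name_seen_by_bob_after_alice(SharedCache(), safe_origin))    # Bob
    print(name_seen_by_bob_after_alice(PerUserCache(), leaky_origin))  # Bob
```

The path-only cache is the common shape of this bug in CDNs, reverse proxies and client-side HTTP libraries alike; marking authenticated responses private is the fix that holds regardless of which cache sits in the path, and the per-user key is what an application-level cache needs if it must hold such responses at all.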

Vulnerability Mentions in Microsoft Products

This chart (not reproduced here) shows the trending vulnerabilities related to Microsoft products over the last week.

Weekly Industry View

Government
Comparitech researchers discovered an unprotected Amazon Web Services Elasticsearch cluster containing the personally identifiable information of over 20 million Russian citizens. The owner, who is based in Ukraine, took the database offline on September 20th, 2019, after being notified of the leak. Apart from its geolocation, it is unclear who the owner is. The data spanned 2009 to 2016, and exposed information includes full names, addresses, residency status, passport numbers, phone numbers, tax ID numbers, employer names and phone numbers, and tax amounts. Most of the affected individuals are Russian citizens located in Moscow and the surrounding area.

Healthcare
On September 30th, 2019, hospitals in the Gippsland Health Alliance and the South West Alliance of Rural Health were hit by a ransomware attack. The incident affected patient records, and booking and management systems. Impacted hospitals disconnected from the internet in an attempt to isolate the malware. The Victorian Department of Premier and Cabinet stated that there is at present no evidence to suggest that patient information has been accessed.

Technology
Researchers at Ginno Security Lab disclosed a vulnerability in SIM cards that allows an attacker to take control of a victim’s phone by sending an over-the-air (OTA) SMS to their phone number. The OTA function is used by network operators to modify the contents of a SIM card without a physical connection. An attacker who can get an OTA SMS accepted by the SIM can send the target device a message containing commands for the SIM’s Wireless Internet Browser (WIB), which can be used to send messages, report the device’s location, set up calls, and more. The researchers stated that they have been aware of the vulnerability since 2015 but did not disclose it because of its ease of exploitation and the difficulty of patching it. They say the flaw is present on millions of SIM cards worldwide.

Retail, Hospitality & Tourism
On September 26th, 2019, DoorDash revealed that an unauthorised third party had accessed company data. The breach took place on May 4th, 2019, and exposed the details of approximately 4.9 million customers, delivery workers, and merchants who had joined DoorDash before April 5th, 2018. Exposed data includes names, email addresses, delivery addresses, hashed and salted passwords, and more. DoorDash has not revealed which cryptographic hashing method was used to protect the passwords. Financial details were also exposed: delivery workers and merchants had the last four digits of their bank account numbers exposed, while customers had the last four digits of their payment card numbers leaked.

Critical Infrastructure
Rheinmetall AG and Defence Construction Canada (DCC) were hit by cyber-attacks that disrupted their information technology systems. Rheinmetall AG reported that the IT infrastructure of its plants in Brazil, Mexico and the US was affected by malware attacks on the evening of September 24th, 2019, and predicts that the disruption could last two to four weeks. DCC stated that its information technology systems were disrupted on September 11th, 2019.

News and information concerning each mentioned industry over the last week.
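The DoorDash entry notes that the password hashing method has not been disclosed, and the Zendesk and Zynga entries likewise report ‘hashed and salted’ or clear-text passwords. The hashing method is what determines how much a leaked credential table is worth to an attacker, so here is an added example (not DoorDash’s, Zendesk’s or Zynga’s code) contrasting a salted but fast hash with a password-stretching KDF. It uses only the Python standard library; the wordlist is constructed for the example, and the 600,000-iteration PBKDF2-HMAC-SHA256 default follows OWASP’s published guidance.

```python
"""Added example: why the password hashing method matters once a database leaks.

Salted SHA-256 costs one hash per guess; PBKDF2 with a high iteration count
makes every guess cost as much as a legitimate login. The wordlist is
constructed for this example.
"""
import base64
import hashlib
import hmac
import os
from typing import List, Optional

# Constructed wordlist; a real attacker would use billions of leaked passwords.
WORDLIST: List[str] = ["password", "123456", "qwerty", "letmein", "dragon"]

# OWASP's guidance for PBKDF2-HMAC-SHA256 is 600,000 iterations.
PBKDF2_ITERATIONS = 600_000


def fast_salted_sha256(password: str, salt: bytes) -> str:
    """Weak scheme: salted, but a single SHA-256 call per guess."""
    return hashlib.sha256(salt + password.encode()).hexdigest()


def crack_fast_hash(digest: str, salt: bytes,
                    wordlist: List[str]) -> Optional[str]:
    """Offline guessing against the weak scheme; one hash per candidate."""
    for candidate in wordlist:
        if hmac.compare_digest(fast_salted_sha256(candidate, salt), digest):
            return candidate
    return None


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = PBKDF2_ITERATIONS) -> str:
    """Stretched scheme: PBKDF2-HMAC-SHA256 in a self-describing string,
    so the work factor can be raised later without invalidating old records."""
    salt = salt or os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt,
                             iterations, dklen=32)
    return "pbkdf2_sha256$%d$%s$%s" % (
        iterations,
        base64.b64encode(salt).decode(),
        base64.b64encode(dk).decode(),
    )


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in constant time."""
    try:
        algo, iterations, salt_b64, dk_b64 = stored.split("$")
    except ValueError:
        return False
    if algo != "pbkdf2_sha256":
        return False
    salt = base64.b64decode(salt_b64)
    expected = base64.b64decode(dk_b64)
    actual = hashlib.pbkdf2_hmac("sha256", password.encode(), salt,
                                 int(iterations), dklen=32)
    return hmac.compare_digest(actual, expected)


def crack_stretched_hash(stored: str, wordlist: List[str]) -> Optional[str]:
    """Same wordlist against the stretched scheme. A weak password still falls,
    but each guess now costs a full PBKDF2 run instead of one SHA-256."""
    for candidate in wordlist:
        if verify_password(candidate, stored):
            return candidate
    return None


if __name__ == "__main__":
    salt = os.urandom(16)
    print(crack_fast_hash(fast_salted_sha256("letmein", salt), salt, WORDLIST))
    stored = hash_password("letmein")
    print(verify_password("letmein", stored), verify_password("wrong", stored))
    print(crack_stretched_hash(stored, WORDLIST))
```

The point of the last function is the caveat a practitioner should keep in mind: stretching raises the cost per guess by the iteration count, which protects users with reasonable passwords from a leaked table, but it does not rescue a password that sits near the top of a wordlist. A ‘hashed and salted’ statement without the algorithm and work factor therefore says little about how exposed the affected users actually are.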

The Silobreaker Team
